Privacy PolicyTerms and Conditions

Privacy Policy

Monthly Calendar Widgets is built to keep your calendar data on your device. We do not operate a backend server for your event data.

Quick Summary

DataWhat happens
Calendar eventsRead from your device to display in app and widgets. Never uploaded to us.
Google Calendar syncYour device communicates directly with Google APIs. We do not proxy calendar data.
PurchasesHandled by Apple StoreKit and RevenueCat for entitlement status.
Google OAuth tokensStored in iOS Keychain on your device and never sent to our servers.

Permissions

Calendar access (required)

The app requests Full Access using Apple EventKit so it can read events, show them in widgets, and let you create or edit events when you choose.

  • Reads title, start/end, all-day, calendar name/color, and location (if present).
  • Creates and edits events when you initiate those actions.
  • Writes lightweight snapshots to widget extension storage for reliable widget rendering.

If you grant Write Only access, the app can create events but cannot read existing events for in-app display or widgets.

Google sign-in (optional)

Google Calendar connection uses OAuth 2.0 in your browser with PKCE (S256) and the scope https://www.googleapis.com/auth/calendar.

  • We do not see or store your Google password.
  • The OAuth flow runs between your device and Google.
  • You can revoke access anytime from your Google Account permissions.

Data Used On Device

Apple Calendar data

With permission granted, event data is used locally for app views, editing flows, and widget rendering. Up to 4,000 events may be snapshotted for widgets across a 2-year history and 1-year future window.

Google Calendar data (optional)

When connected, the app fetches event details, calendar names, and color metadata from Google Calendar API and stores synced data locally for offline use.

  • Tokens (access/refresh/expiry) are stored in iOS Keychain.
  • Event snapshots are stored in App Group container for widgets.
  • Connected account metadata (email/display name) is stored in UserDefaults.

Third-Party Services

  • Google (optional): OAuth and Calendar API calls are made directly from your device to Google.
  • RevenueCat: purchase validation and entitlement status for subscriptions.
  • Apple: StoreKit handles all app purchase transactions.

RevenueCat policy: revenuecat.com/privacy

Google policy: policies.google.com/privacy

What We Do Not Collect

  • We do not collect or store your Google password.
  • We do not sell your data.
  • We do not include ads, analytics, or cross-app tracking SDKs.
  • We do not build cross-app profiles about you.

Retention, Security, and Deletion

  • Use Delete All My Data in app settings to permanently erase all events, connected accounts, and settings from your device and revoke connected Google access.
  • Revoke calendar permission in iOS Settings > Privacy & Security > Calendars.
  • Disconnect Google in app settings to remove tokens and cached Google events.
  • Uninstalling the app removes local app data, App Group storage, and app-related keychain entries.
  • Stale local cache entries are cleaned automatically (about 180 days).
  • All network traffic uses HTTPS and iOS ATS defaults.

Children and Policy Changes

The app is not directed to children under 13. If you believe a child submitted personal information, contact us and we will address it promptly.

We may update this Privacy Policy to reflect legal or product changes. Updates will be posted on this page with a revised effective date.